On Tue, 2005-08-23 at 12:10 -0400, Scott Ullrich wrote:
> This honestly should work the way you have it set up.
> 
> Mine is set up to sync from the master firewall to the LAN IP of my
> second firewall. I just pushed out a new firewall last night using
> the Virtual IP sync function and it worked great. What version are
> you on?  Hopefully the latest.  :)

79.2 on both of them.

I wanted to do a side by side diff of the two configs just to make sure
I didn't see any glaring differences.  Anyone know of a way/program to
sort the xml tags (followed by values) in an xml document so that they
keep their same structure (tags stay properly nested)?  Would make
comparing them much easier because most of the tags would line up.

Here's an example:

On fw0 the interfaces/opt2 tag has the following tags: descr, if,
bridge, ipaddr, subnet, gateway, spoofmac, mtu, enable.  Same goes for
fw1 except they aren't in the same order.  The descr and if are switched.
That shows up as a difference between the two in a side by side diff.
It's XML so the order doesn't really matter to the parser but to the
naked eye it is a false positive.  Now go to the aliases or dnsforwarder
sections and the problem becomes more obvious.  I figured that maybe you
guys who look at the configs all the time for issues might know of a
tool to do this.

> On 8/23/05, Matthew Lenz <[EMAIL PROTECTED]> wrote:
> > My config changes are not being synced to fw1 when I make them on fw0.
> > Is there a log somewhere I can look at to see how/why this is failing?
> > 
> > Here are the 'Services: CARP Settings'
> > 
> > on fw0 (primary firewall):
> > 
> > Synchronize Interface: OPT4
> > Synchronize to IP: OPT4's interface ip
> > Remote System Password: admin's password for both boxes
> > 
> > the following are checked:
> > 
> > Synchronize Enabled
> > Synchronize rules
> > Synchronize aliases
> > Synchronize nat
> > Synchronize Virtual IPs
> > 
> > on fw1 (backup firewall):
> > 
> > Synchronize Interface: OPT4
> > 
> > the following are checked:
> > 
> > Synchronize Enabled
> > 
> > ------------
> > 
> > Both firewalls have a rule on OPT4
> > 
> > prot:*
> > src:OPT4 net
> > src port:*
> > dest:OPT4 net
> > dest port:*
> > 
> > Failover is working on all 5 (soon to be 10) CARP IPs.  It seems as
> > though states are being synced as well but I wouldn't know how to verify
> > that (my TCP connections don't drop when I turn off the MASTER).  I have
> > fw0 set with a skew of 0 and fw1 with a skew of 1.  They fail over just
> > fine and when preemption is checked (I've not got it checked at the
> > moment because people are actually using the internet connection now) it
> > gives fw0 back MASTER on all the interfaces just like it should.
> > 
> > Thoughts?
> > 
> >
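
The config comparison asked about above can be done with a short script. This is an added example, not part of the original thread or of the firewall project's code: it sorts sibling tags by name at every nesting level and then diffs the result. The sample configs, their values and the function names are constructed for illustration; it assumes tags carry no attributes, and it keeps repeated same-name siblings such as `<rule>` in their original order, since the order of firewall rules is significant.

```python
import difflib
import xml.etree.ElementTree as ET

# Constructed sample configs: identical settings with <descr>/<if> swapped
# on fw1, plus one real difference (mtu) that the diff should surface.
FW0 = """<pfsense><interfaces><opt2>
<descr>DMZ</descr><if>em2</if><ipaddr>10.0.2.1</ipaddr><mtu>1500</mtu><enable/>
</opt2></interfaces>
<filter><rule><descr>allow sync</descr></rule>
<rule><descr>block rest</descr></rule></filter></pfsense>"""
FW1 = """<pfsense><filter><rule><descr>allow sync</descr></rule>
<rule><descr>block rest</descr></rule></filter>
<interfaces><opt2>
<if>em2</if><descr>DMZ</descr><enable/><mtu>1400</mtu><ipaddr>10.0.2.1</ipaddr>
</opt2></interfaces></pfsense>"""

def canonicalize(elem):
    """Sort children by tag name, recursively. sorted() is stable, so
    repeated siblings with the same tag (e.g. <rule>) keep their order."""
    for child in elem:
        canonicalize(child)
    elem[:] = sorted(elem, key=lambda e: e.tag)
    return elem

def to_lines(elem, depth=0):
    """Render one tag (with its text value) per line, indented by depth."""
    pad = "  " * depth
    if len(elem) == 0:
        text = (elem.text or "").strip()
        return [f"{pad}<{elem.tag}>{text}</{elem.tag}>"]
    lines = [f"{pad}<{elem.tag}>"]
    for child in elem:
        lines += to_lines(child, depth + 1)
    lines.append(f"{pad}</{elem.tag}>")
    return lines

def config_diff(xml_a, xml_b):
    """Return only the +/- lines that differ after canonical ordering."""
    a = to_lines(canonicalize(ET.fromstring(xml_a)))
    b = to_lines(canonicalize(ET.fromstring(xml_b)))
    diff = difflib.unified_diff(a, b, "fw0", "fw1", lineterm="", n=0)
    return [l for l in diff
            if l[0] in "+-" and not l.startswith(("+++", "---"))]

if __name__ == "__main__":
    print("\n".join(config_diff(FW0, FW1)))
```

To compare real files, read each config into a string and pass both to `config_diff`; any line it returns is an actual difference in value or rule order rather than a tag-ordering artifact.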
